Review Post-infection Cleanup


7 replies to this topic

#1 benny269

benny269

  • Members
  • 158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slough
  • Local time:08:28 PM

Posted 17 November 2006 - 10:55 AM

Hi there

Over the last week or so I've had a number of problems with my pc relating to spyware & adware problems. I believe I was infected with a variant of the smitfraud type adware. General searching has led me to believe it was loosely linked to SpyQuake as I had things like VirusBurst and Protection Bar forced up on me. Generally symptoms included new desktop icons linking to websites selling virus protection software, an icon in the system tray flashing warning messages saying I had a serious infection and hijacking of my homepage sending me to some Protection Centre.

Basically I have had similar problems in the past and so had some experience in the situation and so attempted to solve as much of the issues I could from personal knowledge and with reference to other forums and support websites. To quickly cover the processes I have already gone through: I used SmitRem (log enclosed), BFU, RogueScan, and SmitFraudFix which together solved most of the problems. Now I have control over all of my pc again and am running everything normally. However I would like to ask advice as to if there is any residue left of the infection as I do not wish to be left open to further similar hits as this happened to me last time and caused the problem to become increasingly difficult.

Here are the latest actions I have taken:

1. Ran DiskCleanup utility to empty Recycle Bin and Temporary Files folders. Completed successfully.

2. Updated and used Ad-Aware and Spybot to remove anything each found. Both completed successfully. I have updated the ZoneAlarm, AVG Free AntiVirus and SpywareBlaster I normally use.

3. Ran HouseCall. Completed successfully I believe as no messages were shown at end. I was actually away from my pc for a while and when I came back the window had closed. I'm unsure as to if this is normal.

4. Ran Panda ActiveScan. On a number of recent scans during my removal period including the most recent occasion this scan threw up the following files as a concern: keyboard211.exe and rfscanax.dll. The first file seemed to be of no use and a google search implied that it could be harmful so I have removed it already but the second one I am completely unsure as to what it is and what to do about it. Also another file Panda finds as a threat is a program called killit.exe which from some research I believe to be a system file as I have a Compaq desktop and this file is linked to hp - found in the C:\HP\BIN folder. A related issue is that every time I now start my pc since the infection I am given an error message stating "pchnotify.exe has encountered a problem" and that it needs to terminate. This also seems to be something related to hp and I have found instructions on how to stop the error message appearing but I do not know if this would be a wise course of action. I need advice with these 3 items.

5. Ran BitDefender. I believe it ran successfully solving any errors it came across as it didn't clearly identify others however on closer inspection of the log some items it was unable to disinfect. I will enclose the html log.

So to summarise I have taken most of the steps required to disinfect my pc removing any adware/spyware and regain control. I can now use my pc as normal. I would like any advice on the minor outstanding issues regarding the files rfscanax.dll and killit.exe and the error message for pchnotify.exe. Finally I am going to include the HJT log for my pc in its current condition for analysis and if you could let me know if there is anything outstanding it would be most helpful as I'd like to go back to using my pc for more secure purposes I need. If any more details or further information is required please do not hesitate to contact me. I will try to be as fast and efficient as possible.

Many thanks in advance.
----------------------------------------------------------------------------------------------------------------------------
BitDefender Online Scanner

Scan report generated at: Thu, Nov 16, 2006 - 00:45:54
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 01:13:02
Files: 741225
Folders: 7057
Boot Sectors: 3
Archives: 23772
Packed Files: 90805

Results
Identified Viruses: 4
Infected Files: 9
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 9

Engines Info
Virus Definitions: 316195
Engine build: AVCORE v1.0 (build 2355) (i386) (Sep 25 2006 13:46:24)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status

C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP478\A0110341.dll | Infected with: Trojan.Downloader.Zlob.BIA
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP478\A0110341.dll | Disinfection failed
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP478\A0110341.dll | Deleted

C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP478\A0110343.exe | Infected with: Trojan.Downloader.Zlob.BIB
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP478\A0110343.exe | Disinfection failed
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP478\A0110343.exe | Deleted

C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110458.dll | Infected with: Trojan.Downloader.Zlob.BIA
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110458.dll | Disinfection failed
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110458.dll | Deleted

C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110461.exe | Infected with: Trojan.Downloader.Zlob.BIB
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110461.exe | Disinfection failed
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110461.exe | Deleted

C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110472.dll | Infected with: Trojan.Zlob.AN
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110472.dll | Disinfection failed
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110472.dll | Deleted

C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110564.exe | Infected with: Trojan.Downloader.Zlob.DQ
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110564.exe | Disinfection failed
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110564.exe | Deleted

C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110565.dll | Infected with: Trojan.Downloader.Zlob.BIA
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110565.dll | Disinfection failed
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110565.dll | Deleted

C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110566.exe | Infected with: Trojan.Downloader.Zlob.BIB
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110566.exe | Disinfection failed
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110566.exe | Deleted

C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110567.exe | Infected with: Trojan.Downloader.Zlob.BIA
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110567.exe | Disinfection failed
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110567.exe | Deleted
----------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 15:46:26, on 17/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live Mail desktop\wlmail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.virgin.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102w.bay102.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136165638062
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.arcadetown.com/swf/luxor/mjolauncher.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.warwick.ac.uk/newwebcam/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 17 November 2006 - 04:54 PM

Looks fine, but let's get AVG's AntiSpy - formerly Ewido

Edited by MFDnSC, 17 November 2006 - 06:26 PM.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 benny269


Posted 17 November 2006 - 06:18 PM

I'm sorry this may be a silly question but are you sure all of this applies to me? I had a very minor issue to ask about really and wasn't expecting such a lengthy support. Also in a number of the instructions it's not clear what you mean for example...

kill2me - http://www.majorgeeks.com/download4166.html

Red x - http://support.microsoft.com/?kbid=283807

Remove Norton - http://service1.symantec.com/SUPPORT/nav.n...001092114452606

A number of such similar links are given which have a multitude of instructions and I do not know which to follow and how. Just as a note though the majority of the items you have selected for removal or uninstallation I do not recognise nor can I find any trace of on my pc. Skimming through I can't understand why so many processes are required. Can you just clarify if these actions are absolutely necessary and why and then if required I will go through the list task by task all in one sitting.

Thanks for the reply. Awaiting the followup.

#4 MFDnSC


Posted 17 November 2006 - 06:25 PM

Oops I copied all my scripts

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 benny269


Posted 20 November 2006 - 07:32 AM

I mistakenly saved the report before I applied the actions. For your information though, Zlob.axf, Zlob.axp, TSUpdate.j all quarantined (found in quarantine section of AVGAS), 1st cookie deleted, 2nd cookie Ignored Once. Do not remember action on first entry but all completed successfully.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:18:01 20/11/2006

+ Scan result:



C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110474.exe -> Adware.VirusBurst.c : No action taken.
C:\Program Files\Common Files\oqii\oqiid\vocabulary -> Downloader.TSUpdate.j : No action taken.
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110570.exe -> Downloader.Zlob.axf : No action taken.
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110568.exe -> Downloader.Zlob.axp : No action taken.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[3].txt -> TrackingCookie.Com : No action taken.


::Report end

#6 MFDnSC


Posted 20 November 2006 - 11:41 AM

Clean

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
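
Why the restore-point step matters becomes visible when the scanner findings are sorted by where they sit on disk. The Python sketch below is an added example, not part of the original thread or of any tool named in it; it parses the AVG Anti-Spyware report lines posted above and separates copies held in System Restore snapshots from files on the live system. The function names and bucket labels are made up for illustration.

```python
import re
from collections import defaultdict

# Report lines copied from the AVG Anti-Spyware scan report posted in this thread.
REPORT = r"""
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110474.exe -> Adware.VirusBurst.c : No action taken.
C:\Program Files\Common Files\oqii\oqiid\vocabulary -> Downloader.TSUpdate.j : No action taken.
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110570.exe -> Downloader.Zlob.axf : No action taken.
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP479\A0110568.exe -> Downloader.Zlob.axp : No action taken.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[3].txt -> TrackingCookie.Com : No action taken.
"""

# One finding per line: <path> -> <detection name> : <action>.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$"
)
# Windows XP System Restore store: ...\_restore{GUID}\RP<n>\A<nnnnnnn>.<ext>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)
COOKIE_RE = re.compile(r"\\Cookies\\[^\\]+\.txt$", re.IGNORECASE)


def parse_report(text):
    """Return one dict per finding, tagged with where the file lives."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner lines, blank lines, "::Report end"
        path = m["path"]
        rp = RESTORE_RE.search(path)
        if rp:
            location, restore_point = "restore_point", int(rp["rp"])
        elif COOKIE_RE.search(path):
            location, restore_point = "cookie", None
        else:
            location, restore_point = "live", None
        findings.append({
            "path": path,
            "name": m["name"],
            "action": m["action"],
            "location": location,
            "restore_point": restore_point,
        })
    return findings


def triage(findings):
    """Group findings by location bucket."""
    buckets = defaultdict(list)
    for f in findings:
        buckets[f["location"]].append(f)
    return buckets


def restore_points_affected(findings):
    """Sorted RP numbers that hold at least one flagged copy."""
    return sorted({f["restore_point"] for f in findings
                   if f["restore_point"] is not None})


if __name__ == "__main__":
    found = parse_report(REPORT)
    buckets = triage(found)
    # Snapshot copies are backups taken while the machine was infected;
    # turning System Restore off deletes every restore point, and them with it.
    print("In restore points:", restore_points_affected(found))
    for f in buckets["restore_point"]:
        print("   ", f["name"])
    # Anything here is on the running system and needs the scanner's own action.
    print("On the live file system:")
    for f in buckets["live"]:
        print("   ", f["name"], "at", f["path"])
    print("Tracking cookies:", len(buckets["cookie"]))
```

Run as a script, it lists three flagged copies in restore point RP479, one file outside the restore store, and two tracking cookies.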

#7 benny269


Posted 20 November 2006 - 03:49 PM

I will do that now. My pc may well be clean but with all due respect you have neglected to explain a reason or method for proceeding with the initial 3 issues I highlighted to you in the opening of my topic. I still know nothing about what rfscanax.dll and killit.exe are or what to do with them. I am also still getting the pchnotify.exe error at every startup which I do have some idea about the origins but am again unsure as to how to proceed to solve the problem. I would appreciate some information on these particular points.

Thanks in advance.

#8 MFDnSC


Posted 20 November 2006 - 04:28 PM

It is your responsibility to keep up with your problems not mine.

Delete rfscanax.dll

A simple google would have told you about killit

http://www.pcreview.co.uk/forums/thread-108839.php

Same for pch

http://h10025.www1.hp.com/ewfrf/wc/documen...cname=c00575481
"Nothing could be finer than to be in South Carolina ............"

Member ASAP



